Hi, On 8/28/07, Stef Walter <[EMAIL PROTECTED]> wrote: > > - have some mechanism for "smart deductions," like "I can guess you > > have an XMPP account that matches your google.com username/password" - > > maybe this just has to be in the apps, not sure > > Along with what Alan said, pushing this too far down the stack opens up > many possibilities for password retrieval attacks, like the recent spate > of attacks that exploited this in Firefox and Safari. >
I think you guys may understand this backward from what I meant. I am saying if you logged in to google (or Flickr, or whatever) in the browser, then your desktop apps could get at that login info. I'm not saying that the browser could get stuff from the desktop - JavaScript remains sandboxed as usual. (Though as long as somethingis tagged with a domain, and the domain is exact-matched, that might be fine too I would think. But of course it would have to be very carefully defined what the "domain" field means and who sets it.) The functionality I'm after is the same thing we already have for online.gnome.org, where if you are logged in to the web site, then the desktop can use the same cookie to sign on to the XMPP server. Havoc _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
